Ask Your Question
0

keystone can't be connected outside localhost

asked 2013-05-10 01:20:22 -0500

chen-li gravatar image

I have a new installed keystone with version G.

I can successfully run command : keystone --token ADMIN --endpoint http://localhost:35357/v2.0 user-list

But, when I change "localhost" to the physical machine's IP address, the command stalled. I add debug to run the command, it stops at: keystone --debug --token ADMIN --endpoint http://192.168.11.11:35357/v2.0 user-list REQ: curl -i http://192.168.11.11:35357/v2.0/users -X GET -H "User-Agent: python-keystoneclient" -H "X-Auth-Token: ADMIN"

Anyone know why ?

Thanks. -chen

edit retag flag offensive close merge delete

7 answers

Sort by ยป oldest newest most voted
0

answered 2013-05-10 01:51:51 -0500

is there any bind_host attribute set in the config file, or you may try to set bind_host=192.168.11.11?

edit flag offensive delete link more
0

answered 2013-05-10 02:28:34 -0500

chen-li gravatar image

I forgot to unset the proxy on the node. Really sorry.

Thanks. -chen

edit flag offensive delete link more
0

answered 2013-05-10 01:30:42 -0500

is that possible to paste your keystone.conf and log here? not sure if you can ping this physical ip

edit flag offensive delete link more
0

answered 2013-05-10 01:47:09 -0500

chen-li gravatar image

I'm sure the IP is correct.

I only edit the sql connection part in keystone.conf. All other things are default.

And, no log in keystone. I guess the request stalled at : REQ: curl -i http://192.168.11.11:35357/v2.0/users -X GET -H "User-Agent: python-keystoneclient" -H "X-Auth-Token: ADMIN" Looks like keystone never received the request.

Keystone should working fine: netstat -an Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State ...... tcp 0 0 0.0.0.0:35357 0.0.0.0:* LISTEN ...... tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN

IPtables is configured correct, I think: iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:35357 ACCEPT tcp -- anywhere anywhere tcp dpt:5000 ......

edit flag offensive delete link more
0

answered 2013-05-10 01:53:02 -0500

chen-li gravatar image

Keystone log start :

2013-05-10 09:49:31 DEBUG [keystone-all] ************************* 2013-05-10 09:49:31 DEBUG [keystone-all] Configuration options gathered from: 2013-05-10 09:49:31 DEBUG [keystone-all] command line args: [] 2013-05-10 09:49:31 DEBUG [keystone-all] config files: ['/etc/keystone/keystone.conf'] 2013-05-10 09:49:31 DEBUG [keystone-all] ================================================================================ 2013-05-10 09:49:31 DEBUG [keystone-all] admin_endpoint = http://localhost:%(admin_port)d/ 2013-05-10 09:49:31 DEBUG [keystone-all] admin_port = 35357 2013-05-10 09:49:31 DEBUG [keystone-all] admin_token = ADMIN 2013-05-10 09:49:31 DEBUG [keystone-all] auth_admin_prefix = 2013-05-10 09:49:31 DEBUG [keystone-all] bind_host = 0.0.0.0 2013-05-10 09:49:31 DEBUG [keystone-all] compute_port = 8774 2013-05-10 09:49:31 DEBUG [keystone-all] config_dir = None 2013-05-10 09:49:31 DEBUG [keystone-all] config_file = ['/etc/keystone/keystone.conf'] 2013-05-10 09:49:31 DEBUG [keystone-all] crypt_strength = 40000 2013-05-10 09:49:31 DEBUG [keystone-all] debug = True 2013-05-10 09:49:31 DEBUG [keystone-all] log_config = None 2013-05-10 09:49:31 DEBUG [keystone-all] log_date_format = %Y-%m-%d %H:%M:%S 2013-05-10 09:49:31 DEBUG [keystone-all] log_dir = /var/log/keystone 2013-05-10 09:49:31 DEBUG [keystone-all] log_file = keystone.log 2013-05-10 09:49:31 DEBUG [keystone-all] log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s 2013-05-10 09:49:31 DEBUG [keystone-all] max_param_size = 64 2013-05-10 09:49:31 DEBUG [keystone-all] max_request_body_size = 114688 2013-05-10 09:49:31 DEBUG [keystone-all] max_token_size = 8192 2013-05-10 09:49:31 DEBUG [keystone-all] member_role_id = 9fe2ff9ee4384b1894a90878d3e92bab 2013-05-10 09:49:31 DEBUG [keystone-all] member_role_name = _member_ 2013-05-10 09:49:31 DEBUG [keystone-all] onready = None 2013-05-10 09:49:31 DEBUG [keystone-all] policy_default_rule = None 2013-05-10 09:49:31 DEBUG [keystone-all] policy_file = policy.json 2013-05-10 09:49:31 DEBUG [keystone-all] public_endpoint = http://localhost:%(public_port)d/ 2013-05-10 09:49:31 DEBUG [keystone-all] public_port = 5000 2013-05-10 09:49:31 DEBUG [keystone-all] pydev_debug_host = None 2013-05-10 09:49:31 DEBUG [keystone-all] pydev_debug_port = None 2013-05-10 09:49:31 DEBUG [keystone-all] standard_threads = False 2013-05-10 09:49:31 DEBUG [keystone-all] syslog_log_facility = LOG_USER 2013-05-10 09:49:31 DEBUG [keystone-all] use_syslog = False 2013-05-10 09:49:31 DEBUG [keystone-all] verbose = True 2013-05-10 09:49:31 DEBUG [keystone-all] signing.ca_certs = /etc/keystone/ssl/certs/ca.pem 2013-05-10 09:49:31 DEBUG [keystone-all] signing.ca_password = None 2013-05-10 09:49:31 DEBUG [keystone-all] signing.certfile = /etc/keystone/ssl/certs/signing_cert.pem 2013-05-10 09:49:31 DEBUG [keystone-all] signing.key_size = 1024 2013-05-10 09:49:31 DEBUG [keystone-all] signing.keyfile = /etc/keystone/ssl/private/signing_key.pem 2013-05-10 09:49:31 DEBUG [keystone-all] signing.token_format = PKI 2013-05-10 09:49:31 DEBUG [keystone-all] signing.valid_days = 3650 2013-05-10 09:49:31 DEBUG [keystone-all] stats.driver = keystone.contrib.stats.backends.kvs.Stats 2013-05-10 09:49:31 DEBUG [keystone-all] ldap.alias_dereferencing = default 2013-05-10 09:49:31 DEBUG [keystone-all] ldap.allow_subtree_delete = False 2013-05-10 09:49:31 DEBUG [keystone-all] ldap.domain_allow_create = True 2013-05-10 09:49:31 DEBUG [keystone-all] ldap.domain_allow_delete = True 2013-05-10 09:49:31 DEBUG [keystone-all] ldap.domain_allow_update = True 2013-05-10 09:49:31 DEBUG [keystone-all] ldap.domain_attribute_ignore = 2013-05-10 09:49:31 DEBUG [keystone-all] ldap.domain_desc_attribute = description 2013-05-10 09:49:31 DEBUG [keystone-all] ldap.domain_enabled_attribute = enabled 2013-05-10 09:49:31 DEBUG [keystone-all] ldap.domain_enabled_emulation = False 2013-05-10 09:49:31 DEBUG [keystone-all] ldap ... (more)

edit flag offensive delete link more
0

answered 2013-05-10 01:57:00 -0500

chen-li gravatar image

Default in keystone.conf: bind_host = 0.0.0.0

In log, after keystone start, it print out : 2013-05-10 09:49:31 DEBUG [eventlet.wsgi.server] (32403) wsgi starting up on http://0.0.0.0:35357/ 2013-05-10 09:49:31 DEBUG [eventlet.wsgi.server] (32403) wsgi starting up on http://0.0.0.0:5000/

And netstat shows: tcp 0 0 0.0.0.0:35357 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN

I edit keystone.conf: public_endpoint = http://192.168.11.11:5000/ admin_endpoint = http://192.168.11.11:35357/ (Default they're using localhost)

Not working.

Thanks. -chen

edit flag offensive delete link more
0

answered 2013-05-10 02:37:15 -0500

re #6, I thought the default conf should be comment out, not sure whether this is different in product env and dev env.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2013-05-10 01:20:22 -0500

Seen: 197 times

Last updated: May 10 '13